I am currently running Microsoft EMET (Enhanced Mitigation Experience Toolkit) version 5.0 (Latest Version) with the popular software list which protects other well known software as Google Chrome, Firefox, Windows Media Player............etc.

After upgrading EMET to the latest version 5.0, I noticed that the Windows Media Player (Latest Version 12) crashes and the below event log is reported.

My first suspect was EMET, I removed all mitigation for the Windows Media Player from the Apps Section as shown below.

Windows Media Player started working normal after removing all mitigation, I started checking them one by one till it crashes back again with the StackPivot Mitigation.

The StackPivot Mitigation is used to detect if the stack is pivoted and used to validate the stack register present in the context structure of certain APIs. For some reason its triggered with Windows Media player and you need to un-check it to work it out till Microsoft finds a solution since they are both Microsoft Products.

I got couple of users using Windows 7 reporting that they can't connect using Direct Access anymore whether its HTTPS or Teredo, DA just won't work. Upon further discussing the issue with them they mentioned that they enabled and disabled the Direct Access Connectivity assistant (DCA) Use Local DNS couple of times in an effort to work it out.

We started troubleshooting by checking the Name Resolution Policy table and we noticed that the NRPT was not getting applied on the DA client as shown below.

The next step was checking the DA resolution using the netsh dns show state command and it turned to be disabled.

Name Resolution Policy Table Options

--------------------------------------------------------------------

Query Failure Behavior : Always fall back to LLMNR and NetBIOS

if the name does not exist in DNS or

if the DNS servers are unreachable

when on a private network

Query Resolution Behavior : Resolve only IPv6 addresses for names

Network Location Behavior : Never use Direct Access settings

Machine Location : Outside corporate network

Direct Access Settings : Configured and Disabled

DNSSEC Settings : Not Configured

The DA client already has the correct group policies, certificates but its disabled.